
Ask Slashdot: Who's Going To Win the Malware Arms Race?

Submitted by Anonymous Coward
An anonymous reader writes: We've been in a malware arms race since the 1990s. Malicious hackers keep building new viruses, worms, and trojan horses, while security vendors keep building better new detection and removal algorithms to stop them. Botnets are becoming more powerful, and phishing techniques are always improving — but so are the mitigation strategies. There's been some back and forth, but it seems like the arms race has been pretty balanced, so far. My question: will the balance continue, or is one side likely to take the upper hand over the next decade or two? Which side is going to win? Do you imagine an internet, 20 years from now, where we don't have to worry about what links we click or what attachments we open? Or is it the other way around, with threats so hard to block and DDoS attacks so rampant that the internet of the future is not as useful as it is now?

BIOS Rootkit Implant To Debut at CanSecWest

Submitted by msm1267
msm1267 writes: Research on new BIOS vulnerabilities and a working rootkit implant will be presented on Friday at the annual CanSecWest security conference. An attacker with existing remote access on a compromised computer can use the implant to turn down existing protections in place to prevent re-flashing of the firmware, enabling the implant to be inserted and executed.

The devious part of the exploit is that the researchers have found a way to insert their agent into System Management Mode, which is used by firmware and runs separately from the operating system, managing various hardware controls. System Management Mode also has access to memory, which puts supposedly secure and privacy-focused operating systems such as Tails in the line of fire of the implant.

Their implant, the researchers said, is able to scrape the secret PGP key Tails uses for encrypted communication, for example. It can also steal passwords and encrypted communication. The implant survives OS re-installation and even Tails’ built-in protections, including its capability of wiping RAM.


In 1998, I told the major labels to create their own iTunes. They laughed at me.

Submitted by journovampire
journovampire writes: "I started to believe that there was a simple solution of how record companies could take back some control as the internet age dawned: let’s make... a digital download store owned by all of the major labels, with some independent equity if we can manage it, that can service the market just as we do successfully in the physical world. I brought the idea to the NVPI and raised it. The first response was laughter. Lots of laughter."

Is 10 Years in Jail the Answer to Online Pirates?

Submitted by Anonymous Coward
An anonymous reader writes: Physical counterfeiters can receive up to 10 years in jail under UK copyright law but should online pirates receive the same maximum punishment? A new report commissioned by the government reveals that many major rightsholders believe they should, but will that have the desired effect?

A new study commissioned by the UK Intellectual Property Office (IPO) examines whether the criminal sanctions for copyright infringement available under the Copyright, Designs and Patents Act 1988 (CDPA 1988) are currently proportionate and correct, or whether they should be amended.

While the Digital Economy Act 2010 increased financial penalties up to a maximum of £50,000, in broad terms the main ‘offline’ copyright offenses carry sentences of up to 10 years in jail while those carried out online carry a maximum of ‘just’ two.


Raising tax revenue in California from Medical Cannabis Sales

Submitted by bobmerly
bobmerly writes: With the latest in Cannabis News, Colorado, the first state to legalize marijuana, has shown other doubting states that this new industry – allowing for medical marijuana and casual pot use – provides an added additional source of medical supply and revenue. State governments should be interested because medical cannabis can help with national development through income obtained from taxation. Since Colorado made that epic move it has taken in $53 million in tax revenue. California can look to redeem similar benefits if it makes the step into the marijuana industry.

How Does One Verify Hard Drive Firmware?

Submitted by Anonymous Coward
An anonymous reader writes: In light of recent revelations from Kaspersky Labs about the Equation Group and persistent hard drive malware, I was curious about how easy it might be to verify my own system's drives to see if they were infected. I have no real reason to think they would be, but I was dismayed by the total lack of tools to independently verify such a thing. For instance, Seagate's firmware download pages provide files with no external hash, something Linux distributions do for all of their packages. Neither do they seem to provide a utility to read off the current firmware from a drive and verify its integrity.

Are there any utilities to do such a thing? Why don't these companies provide such a thing to users? Has anyone compiled and posted a public list of known-good firmware hashes for the major hard drive vendors and models? This seems to be a critical hole in PC security.

I did contact Seagate support asking for hashes of their latest firmware; I got a response stating that "...If you download the firmware directly from our website there is no risk on the file be tampered with." [their phrasing, not mine]. Methinks somebody hasn't been keeping up with world events lately.

Ask Slashdot: parental content control for free OSs?

Submitted by m.alessandrini
m.alessandrini writes: Children grow up, and inevitably they will start using the internet and social networks, both for educational and recreational purposes. And it won't take them long to learn to be autonomous, especially with all the smartphones and tablets around and your limited time.
Unlike the years of my youth, when the internet started to enter our lives gradually, now I'm afraid of the amount of inappropriate content a child can be exposed to unprepared: porn, scammers, cyberbullies or worse, are just a click away.
For Windows many solutions claim to exist, usually in the form of massive antivirus suites. What about GNU/Linux? Or Android? Several solutions rely on setting up a proxy with a whitelist of sites, or similar, but I'm afraid this approach can make the internet unusable, or otherwise be easy to bypass. Have you any experiences or suggestions? Do you think software solutions are only a part of the solution, provided children can learn hacking tricks better than us, and if so, what other "human" techniques are most effective?
